---

- name: Disable ssh password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^.*PasswordAuthentication yes"
    line: "PasswordAuthentication no"
    backrefs: yes

- name: Reload sshd service
  service:
    name: sshd
    state: reloaded


- name: Update & upgrade system
  apt:
    update_cache: yes
    upgrade: dist

- name: Install common required packages
  apt:
    name: "{{ commonRequirePackages }}"
    state: present

- name: Remove useless stuff
  apt:
    name: "{{ commonDeletePackages }}"
    state: absent

- name: Set the hostname
  hostname:
    name: "{{ cthostname }}"

- name: Set locales
  locale_gen:
    name: "{{ locales }}"
    state: present

- name: Set the Timezone to {{ Area }}/{{ City }}
  shell: "ln -sf /usr/share/zoneinfo/{{ Area}}/{{ City }} /etc/localtime"

- name: Fix /etc/hosts removing the old hostname
  tags:
    - hosts
  lineinfile:
    state: present
    dest: /etc/hosts
    line: "{{ ansible_default_ipv4.address }} {{ cthostname }} {{ domain }}"
    regexp: "^{{ ansible_default_ipv4.address }}"

# On créé un utilisateur si il le faut.
- name: create user {{ username }}
  user:
    name: "{{ username }}"
    system: yes
    createhome: yes
  when: create_user

# Régles de parefeu.
- name: Allow SSH connexions
  ufw:
    rule: limit
    port: ssh
    proto: tcp


- name: Set logging off
  ufw:
    logging: 'off'

- name: Deny everything and enable UFW
  ufw:
    state: enabled
    policy: deny